MAINFRAME > Administrator > Security

Network Security

The zEnterprise System changes firewall requirements.

The zEnterprise System changes firewall requirements.

The new IBM zEnterprise* System brings with it a new vision for networking and network security. When it comes to consolidation, it’s time to step back and forget about business as usual. For many end-to-end solutions, traditional network firewalls will no longer be needed for their network traffic between multitier workloads within a zEnterprise ensemble.

Firewall Basics

Before we dive into the new network architecture, it’s important to understand networking basics. Networking professionals generally have firewall technology somewhere on their radar. Firewalls come in all shapes and sizes, some with bells and whistles you’ll never use. Unified Threat Management (UTM) solutions do it all—firewall along with intrusion detection and prevention, etc., in one box. Purpose-built firewalls focus on high-speed throughput. Application firewalls focus on protecting Web server or database traffic. Host firewalls protect an individual server from external attack. Network firewalls serve as the gateway between network traffic that must flow from one security zone to another.

This article concentrates on the network firewall as it sits in the network ensuring isolation among separate security zones and their network traffic as well as blocking unauthorized communications while letting authorized traffic pass through. One of the more common examples of a network firewall is the Demilitarized Zone (DMZ), which uses two separate and distinct firewalls to encapsulate a perimeter network. It isolates the more secure, private or protected network from the less secure external network. Each of these networks—external, perimeter and private—is considered a separate security zone, with the firewall providing the only gateway for network traffic between security zones.

zEnterprise Networking

The zEnterprise System is no longer the only host to the traditional System z* OSs such as z/OS*, z/VM*, Linux* for System z, z/VSE or zTPF. It can also include an optional zEnterprise BladeCenter* Extension (zBX), which consists of up to four racks comprised of special-purpose blades along with System x* or AIX* OS-based blades. The traditional System z environment or central processor complex (CPC) along with a zBX is called a node. Up to eight nodes can be included in what’s now called an ensemble. This provides a very diverse and flexible platform for hosting many end-to-end solutions in a physically secure environment.

Jerry Stevens is a senior technical staff member with IBM Software Group and works in AIM Enterprise Networking Solutions Architecture Strategy and Design with a focus on communications hardware architecture. He has more than 25 years of experience with z/OS network communications.

Peter Spera is a senior software engineer with IBM. Peter can be reached at

comments powered by Disqus



2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.


Implementing Cryptographic Keys

Protect your Linux server from root password-guessing attacks.

Network Security

The zEnterprise System changes firewall requirements.

Data Lockdown

Use DB2 and z/OS to prevent security breaches.

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
Mainframe News Sign Up Today! Past News Letters